Cyber Incident Victim: LATAM Airlines Group

Date:

May 2017

Location:

Chile

Summary

The LATAM Airlines Group was among numerous global entities disrupted by the WannaCry ransomware attack, which exploited unpatched Windows systems via phishing mechanisms to encrypt files and demand Bitcoin payments. This incident caused operational interruptions at the airline alongside other major organizations, including healthcare and logistics providers, highlighting vulnerabilities in enterprises that had not addressed known security flaws. The attack's rapid propagation underscored systemic risks posed by inadequate patch management and reliance on outdated software across critical infrastructure sectors.

CIA Posture: Available to members
Motives: 1 motive
Tactics, Techniques & Procedures: 1 technique
Threat Actor: 1 actor
Type: Available to members
Location: Available to members

Description

On May 12, 2017, LATAM Airlines Group was among the global entities impacted by the WannaCry ransomware attack, which affected approximately 230,000 Windows devices across 150 countries. The attack exploited a known vulnerability in Microsoft Windows systems that had been publicly disclosed following the Shadow Brokers leaks, targeting organizations that failed to apply the available security patches. Attackers deployed the ransomware through phishing emails containing malicious file attachments, enabling the malware to propagate rapidly across networks once a single user downloaded the infected file. LATAM Airlines, alongside major organizations including Spain’s Telefónica, the UK’s National Health Service, Deutsche Bahn, and FedEx, experienced operational disruptions as critical files were encrypted by the ransomware. The attackers demanded Bitcoin payments starting at approximately $300 per infected device, accompanied by messages mocking victims and threatening permanent data loss if ransoms remained unpaid.

The incident highlighted systemic vulnerabilities in enterprise security practices, particularly the failure to patch known exploits and insufficient internal cybersecurity awareness. LATAM’s operations were disrupted alongside other critical service providers in communications, transportation, healthcare, and logistics sectors, demonstrating ransomware’s capacity to paralyze large-scale infrastructure. No specific remediation actions by LATAM were detailed in available reports, though the broader attack underscored the necessity of proactive vulnerability management. The U.S. government response included President Trump’s May 11 executive order mandating federal cybersecurity audits and agency accountability for patch management, though this directive emerged too late to prevent the WannaCry outbreak. Consequences extended beyond immediate operational interruptions, revealing widespread institutional unpreparedness for coordinated cyber threats and elevating concerns about future attacks against higher-profile targets like government agencies or critical infrastructure operators.